Cyber Incident Victim: Thomas County School District

Date: Feb 2019

Location: United States of America

Summary

The Thomas County School District experienced a breach of its online banking system, compromising employee payroll information including names, employee ID numbers, bank account numbers, and routing numbers. Unauthorized access to a computer storing this data occurred over several days, though banking controls prevented fraudulent transfers and financial loss. The district engaged a cybersecurity firm to investigate, deploy defensive measures, and halt further attacks, while advising affected employees to monitor their accounts for potential fraud.


Description

On or around February 7, 2019, the Thomas County School District experienced unauthorized access to a computer system containing employee payroll banking information. The district discovered malicious cyber activity targeting its online banking system, prompting an immediate investigation with cybersecurity firm BlueVoyant. Forensic analysis revealed attackers compromised employee payroll records containing names, employee ID numbers (distinct from Social Security numbers), bank account numbers, and bank routing numbers. The breach persisted for several days following initial intrusion. While attackers attempted fraudulent fund transfers, existing control mechanisms maintained by the district's banking partner successfully blocked all unauthorized transactions, preventing financial loss. District administrators took containment measures including deploying specialized security software recommended by BlueVoyant to halt further malicious activity.

The district formally notified affected employees on March 5, 2019, confirming the exposure of sensitive banking data and advising vigilance against potential fraud. Investigators determined the breach originated through unauthorized access to a specific computer storing financial records but did not publicly disclose the initial attack vector or method of compromise. No evidence suggested theft of Social Security numbers or student data. The district maintained its banking relationships without disruption due to the intercepted fraudulent transfers. Ongoing investigations continued to assess the full scope of compromised systems and attacker methodologies at the time of notification. Employees received guidance to monitor bank accounts for suspicious activity while the district emphasized its commitment to securing personal information through enhanced protective measures.
